瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 我机器中了木马程序 Trojan-PSW.Win32.OnLineGames,求高手帮忙

1   1  /  1  页   跳转

我机器中了木马程序 Trojan-PSW.Win32.OnLineGames,求高手帮忙

收藏
soloooo
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-12-31
  • 来自:
发表于: 2007-12-31 05:08 | 只看楼主 短消息 资料
字号: 1楼

我机器中了木马程序 Trojan-PSW.Win32.OnLineGames,求高手帮忙

以下是我的SREng扫描报告
看了一些帖子,有要附件,有要贴出来的.我不是很清楚,上传了附件,也贴了出来,麻烦看看,
谢谢


[CODE]

2007-12-31,04:46:38

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
N/A

==================================
启动文件夹
[Permeo Security Driver Startup]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Permeo Security Driver Startup.lnk --> D:\PROGRA~1\Permeo\SECURI~1\EBIcon.exe [Permeo Technologies Inc.]><N>

==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\mnmsrvc.exe><N/A>
[Security Driver NetBT Proxy / nbproxy][Running/Auto Start]
  <d:\Program Files\Permeo\Security Driver\nbproxy.exe /service><Permeo Technologies, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  <system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Security Driver NetBT Helper / ebnetbt][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ebnetbt.sys><Permeo Technologies>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\winio.sys><N/A>
[AntiyFirewall / AntiyFirewall][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\AntiyFW.sys><Antiy Labs>

==================================
浏览器加载项
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll, N/A>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\iebho.dll, N/A>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[JUJU工具条3.1.5]
  {B0CFAB31-D992-420E-85A0-F29BF0EC5A47} <C:\WINDOWS\system32\IETool.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[JUJU工具条3.1.5]
  {B0CFAB31-D992-420E-85A0-F29BF0EC5A47} <C:\WINDOWS\system32\IETool.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\iebho.dll, N/A>
[&使用BitComet下载]
  <res://D:\Program Files\BitComet_0.94\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\Program Files\BitComet_0.94\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\Program Files\BitComet_0.94\BitComet.exe/AddVideo.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

附件附件:

下载次数:155
文件类型:application/octet-stream
文件大小:
上传时间:2007-12-31 5:08:20
描述:

最后编辑2007-12-31 05:02:45
分享到:
gototop
 
soloooo
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-12-31
  • 来自:
发表于: 2007-12-31 05:11 | 只看楼主 短消息 资料
字号: 2楼

【回复“soloooo”的帖子】
==================================
正在运行的进程
[PID: 760 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
[PID: 1084 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
[PID: 1240 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1280 / SYSTEM][d:\Program Files\Permeo\Security Driver\nbproxy.exe]  [Permeo Technologies, Inc., 1.0]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
[PID: 1424 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
[PID: 1504 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1752 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
[PID: 1896 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Antiy Labs\AGB5Cn\AGBCM.dll]  [Antiy Labs, 3, 0, 0, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 2008 / Administrator][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avpgui.ppl]  [Kaspersky Lab, 6.0.0.300]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\basegui.dll]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\inflate.ppl]  [Kaspersky Lab, 6.0.0.16]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2024 / Administrator][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe]  [Google Inc., 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
    [C:\WINDOWS\system32\GooglePinyin.ime]  [Google Inc., ]
[PID: 228 / Administrator][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.08.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.08.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.1.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.0.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [DT Soft Ltd., 1.18.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [DT Soft Ltd., 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
gototop
 
soloooo
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-12-31
  • 来自:
发表于: 2007-12-31 05:12 | 只看楼主 短消息 资料
字号: 3楼

【回复“soloooo”的帖子】
[PID: 312 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 420 / Administrator][C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe]  [安天信息技术有限公司, 2, 1, 4, 0]
[PID: 496 / Administrator][D:\Program Files\Permeo\Security Driver\EBIcon.exe]  [Permeo Technologies Inc., 4, 0, 0, 1]
    [C:\WINDOWS\system32\SPORDER.dll]  [Microsoft Corporation, 4.00]
    [D:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
[PID: 1820 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
[PID: 2180 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
[PID: 4004 / Administrator][D:\Program Files\ttt2006\bin\tttconfig.exe]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
[PID: 3524 / Administrator][D:\Program Files\ttt2006\bin\ttt.exe]  [长沙高新区通通数码科技有限公司, 2005.0.50]
    [D:\Program Files\ttt2006\bin\libapr.dll]  [Apache Software Foundation, 0.9.12]
    [D:\Program Files\ttt2006\bin\libaprutil.dll]  [Apache Software Foundation, 0.9.12]
    [D:\Program Files\ttt2006\bin\libapriconv.dll]  [Apache Software Foundation, 0.9.7]
    [D:\Program Files\ttt2006\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.58]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [D:\Program Files\ttt2006\modules\mod_tclient.so]  [长沙高新区通通数码科技有限公司, 2.0.0]
[PID: 3544 / Administrator][D:\Program Files\ttt2006\bin\ttt.exe]  [长沙高新区通通数码科技有限公司, 2005.0.50]
    [D:\Program Files\ttt2006\bin\libapr.dll]  [Apache Software Foundation, 0.9.12]
    [D:\Program Files\ttt2006\bin\libaprutil.dll]  [Apache Software Foundation, 0.9.12]
    [D:\Program Files\ttt2006\bin\libapriconv.dll]  [Apache Software Foundation, 0.9.7]
    [D:\Program Files\ttt2006\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.58]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [D:\Program Files\ttt2006\modules\mod_tclient.so]  [长沙高新区通通数码科技有限公司, 2.0.0]
[PID: 3728 / Administrator][C:\Program Files\Antiy Labs\AGuard\AGuard_.exe]  [安天信息技术有限公司, 2, 4, 7, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\AVLDB.dll]  [, 1, 0, 1, 0]
    [C:\Program Files\Antiy Labs\AGuard\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Antiy Labs\AGuard\msvcp71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Antiy Labs\AGuard\mfc71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
    [C:\Program Files\Common Files\Antiy Labs\Base\AVLeachSDK.dll]  [Antiy Labs, 2, 0, 3, 1]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\AExploit.dll]  [Antiy Labs, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\APack.dll]  [Antiy Labs, 1, 0, 1, 2]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\APk.dll]  [Antiy Labs, 1, 0, 2, 3]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ARealPop.dll]  [Antiy Labs, 1, 0, 0, 2]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ATrojan.dll]  [Antiy Labs, 1, 0, 14, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\KillTrojan.dll]  [Antiy Labs, 1, 0, 0, 3]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\MiscFix.dll]  [Antiy Labs, 1, 0, 1, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ScanReg.dll]  [Antiy Labs, 1, 0, 0, 4]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IETool.dll]  [N/A, ]
    [C:\WINDOWS\system32\iebho.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3416 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2[1].5\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\Administrator\桌面\sreng2[1].5\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [d:\Program Files\Permeo\Security Driver\s5spi.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\s5impl.dll]  [Permeo Technologies Inc., 4, 2, 0, 0]
    [d:\Program Files\Permeo\Security Driver\cldap.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cradius.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\csecureid.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cssl.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\ctacacs.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cupwd.dll]  [N/A, ]
    [d:\Program Files\Permeo\Security Driver\cwindom.dll]  [N/A, ]
gototop
 
soloooo
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-12-31
  • 来自:
发表于: 2007-12-31 05:12 | 只看楼主 短消息 资料
字号: 4楼

【回复“soloooo”的帖子】
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
Permeo TCP
    d:\Program Files\Permeo\Security Driver\s5spi.dll(Permeo Technologies Inc., Security Driver Loader)
Permeo UDP
    d:\Program Files\Permeo\Security Driver\s5spi.dll(Permeo Technologies Inc., Security Driver Loader)
Permeo RSVP TCP
    d:\Program Files\Permeo\Security Driver\s5spi.dll(Permeo Technologies Inc., Security Driver Loader)
Permeo RSVP UDP
    d:\Program Files\Permeo\Security Driver\s5spi.dll(Permeo Technologies Inc., Security Driver Loader)
Permeo Security Driver
    d:\Program Files\Permeo\Security Driver\s5spi.dll(Permeo Technologies Inc., Security Driver Loader)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2008, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 6.0\AVP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 420, C:\PROGRAM FILES\ANTIY LABS\ALIVE\ALIVECENTER_.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4004, D:\PROGRAM FILES\TTT2006\BIN\TTTCONFIG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3524, D:\PROGRAM FILES\TTT2006\BIN\TTT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3544, D:\PROGRAM FILES\TTT2006\BIN\TTT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3728, C:\PROGRAM FILES\ANTIY LABS\AGUARD\AGUARD_.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
soloooo
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-12-31
  • 来自:
发表于: 2007-12-31 05:14 | 只看楼主 短消息 资料
字号: 5楼

【回复“soloooo”的帖子】
很抱歉.扫描报告很长.论坛限制字节.无法一次性发.只好分几次发.
请高手教下要怎么解决.困扰我很多天了..
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT